What a long, strange trip it’s been!
2018 has had its share of data breaches and cybersecurity threats.It seems like just yesterday we were fretting over Meltdown and Spectre, two bugs that came onto the scene in January like bulls in a china shop. Of course, we know now that they were actually discovered in 2017, but kept hush-hush in order to give software companies time to develop patches. What was all the commotion about? Meltdown and Spectre were unlike common software bugs. These vulnerabilities existed within the architecture of the processor at the point where raw data such as passwords, photos, and emails pass through before becoming encrypted; hackers were able to use this brief open-door moment to their advantage, stealing information from computers, mobile devices, and the cloud.
With that out of the way, we all breathed a collective sigh of relief. And then BOOM! The entire city of Atlanta was brought to its knees by ransomware. Considered one of the longest and most consequential cyberattacks ever unleashed upon a major American city, things were in dire straits for a while. A hacking group known only as SamSam was able to infect the city’s computers, affecting nearly 8,000 PCs and encrypting files with the words, “I’m sorry.” The demand? $51,000, lest the data be lost forever. While officials determined what to do (law enforcement recommends not paying ransoms, even small ones, as this encourages hackers) employees were forced to write out reports by hand, court cases needed to be canceled, and many residents were unable to pay bills or file reports.
The attacks kept coming. Boeing had a ransomware scare around the same time. The aerospace giant was hit by WannaCry ransomware, a malicious cyberattack that first reared its ugly head in 2017. Hackers found a vulnerability within Boeing’s infrastructure, causing fear that vital airplane production equipment could be taken down. Thankfully, disaster was averted and the attack’s consequences were minimal because most computers had been properly patched; only those that weren’t were affected.
Of course, hackers are always on the prowl, and just a month later Delta, Best Buy, and Sears were all hit. This time, hackers weren’t looking for a payoff—they simply wanted to gain access to customer data and steal their valuable information. What was unique about these breaches was that hackers didn’t target the companies themselves; instead, they gained access through a software vendor that each company used for online chat services, 7.ai. By penetrating the vendor’s infrastructure, hackers were able to acquire unauthorized access to thousands of customers’ personal and credit card information, leaving organizations across the nation reconsidering the security protocols of their vendors.
A year-end recap wouldn’t be complete without looking at social media. Just after weathering the Cambridge Analytica data harvesting scandal in early 2018, Facebook took another blow when cyber criminals exploited a security flaw and attacked its system. This affected the accounts of nearly 50 million users, and exposed their most private information. The social media giant could do nothing but throw up their hands, stating that there was nothing users could do except check that their account did not appear to have been used by somebody else, while recommending a password change. That was, of course, of little consolation to many Facebook users.
While it was never going to rule the world like Facebook, Google’s consumer social media platform also took a hit—and the company decided it was best to just shut it down. While the news didn’t break until October, Google knew of a bug in its application program interface that would allow third-party app developers access to the personal data of not only users who had granted permission, but also the friends of those users, since 2015. The public was rightly outraged, and Google stock took a nosedive once news was made public. Following this fiasco, the company stated that the consumer version of Google+ would be shuttered within the coming months.
These last two months of the year haven’t been any prettier. Marriott’s guest reservation system was hacked in November, potentially exposing the personal information of 500 million guests. Also in November, a security flaw in the United States Postal Service app exposed the data of more than 60 million users. The app’s vulnerability left users’ account details, including usernames, IDs, and email and home addresses, available to anyone with basic knowledge of the data elements processed by a regular web browser.
Those examples are just a handful of breaches and attacks that have occurred in 2018. Many others that affected healthcare organizations, government agencies, and educational institutions have also taken place. But it’s not all gloom and doom for your business. A third-party provider can help evaluate your current systems of security and manage security concerns. DSM, Florida’s predictable cloud provider, can help keep data protected through continuous monitoring and data protection services. Contact one of our IT experts today to learn more.